Privacy Policy

This Privacy Policy explains what information we collect about you, how we use it, who we share it with, and what choices you have. It applies to anyone who visits or uses the Service. By using OTC Squawk you agree to this policy and to our Terms of Service.

OTC Squawk is currently in private beta with a limited number of invited testers. Data practices may evolve as we move toward public launch. Material changes will be communicated under Section 18 (Changes).

3.1 Information you provide directly.

• Account credentials: email address and password (passwords are stored only as hashes by our authentication provider).
• Profile information: username, display name, bio, avatar image, banner image.
• Content: posts ("squawks"), comments, likes, follows, and any images or media you upload.
• Preferences: theme preference, notification preferences, and your OTCfi opt-in status.
• Feedback: messages you submit through in-product feedback forms.
• Wallet address: only if you choose to connect a wallet for OTCfi features. Wallet connection is not currently enabled and will become available in a future release.

3.2 Information collected automatically.

• Device and connection data: IP address, user-agent string, browser type, operating system, and approximate location derived from IP.
• Activity data: timestamps of sign-in, page URLs you visit on the Service, and the actions you take (such as posting, liking, or following).
• Diagnostic logs: request and error logs maintained by our hosting and authentication providers for reliability and security.
• Cookies and local storage: see Section 7.

3.3 Information from third parties.

We may receive limited information about you from authentication providers when you sign in, and from market-data providers when you view information about a security. We do not buy personal information about you from data brokers.

• Operate the Service: create and authenticate your account, display your content, route notifications, run search.
• Personalize: remember your theme, notification, and other preferences.
• Moderate: detect spam, pump-and-dump activity, scams, and other prohibited conduct (see Section 5).
• Improve and develop: diagnose bugs, monitor performance, measure feature use, and design new features.
• Communicate with you: send transactional emails such as confirmations, notifications, security alerts, and changes to this policy.
• Comply with law and protect rights: respond to legal requests, prevent fraud or abuse, and enforce our Terms of Service.

We do not sell your personal information and we do not use it for cross-context behavioral advertising. We do not currently run third-party advertising on the Service.

We use an AI service from Anthropic, PBC (the Claude API) to help moderate user-submitted content. When you submit a squawk or comment, the text of that content is transmitted to Anthropic's API so that an automated classifier can score it for spam, manipulation, scam patterns, and other policy violations.

• We send only the content text, not your email or password.
• Anthropic processes the content as our service provider under its API terms and, per Anthropic's published policies, does not use API inputs to train its foundation models.
• You can review Anthropic's privacy practices at anthropic.com/legal/privacy.

Posts that score above an automated threshold may be auto-hidden pending human review. A human team member reviews any moderation decision that results in account suspension. We do not use AI for decisions that produce legal or similarly significant effects on you without an opportunity for human review and appeal. To appeal a moderation decision, contact us at the address in Section 19; we respond within a commercially reasonable time, typically 7 days.

• With other users: your username, display name, bio, avatar, banner, posts, comments, likes, and follows are visible to other users of the Service and, for public content, to anyone on the internet.
• With service providers: we share data with the third parties listed in Section 8 strictly to operate the Service.
• For feedback notifications: when you submit in-product feedback, the feedback text, your display name and handle, the page URL where you submitted, and your user-agent are forwarded to a private internal Discord channel monitored by the Metavesco team so we can respond quickly.
• For legal reasons: when required by law, court order, subpoena, or to protect the safety, rights, or property of Metavesco, our users, or others.
• In a business transfer: if Metavesco is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction. We will notify you and provide choices to the extent required by law.

You can clear cookies and local storage at any time through your browser. Removing the authentication cookie will sign you out.

• Account and profile data: retained while your account is active.
• Content (posts, comments, likes, follows): retained while your account is active. After you delete content, copies may persist in backups and caches for up to 90 days.
• Soft-deleted accounts: marked inactive immediately and removed from public surfaces within 24 hours. Posts and comments are anonymized within 30 days. Identifiable backup copies are purged within 90 days. Self-service hard deletion and full data export will be available after the pilot period.
• Server access logs (IP, user-agent, request metadata): retained by Vercel and Supabase for up to 90 days for security and reliability.
• Authentication logs: retained by Supabase per its standard retention windows.
• Feedback messages: retained for up to 24 months for product improvement, then deleted. You may request earlier deletion by contacting us at the address in Section 19.

• Access the information you provided through your account and your in-app activity.
• Correct your profile information at any time by editing it in-app.
• Delete your account from /settings/danger. See Section 9 for retention.
• Export a JSON archive of your account by emailing the contact in Section 19. Full self-service export will be available after the pilot period.
• Object or restrict certain processing as described in Sections 12 and 13.

To exercise any right, contact us using the information in Section 19. We may need to verify your identity before fulfilling a request. We will not discriminate against you for exercising your rights.

• Right to know the categories and specific pieces of personal information we collect, use, disclose, and sell or share.
• Right to delete personal information we collected from you.
• Right to correct inaccurate personal information.
• Right to opt out of the sale or sharing of personal information.
• Right to limit use and disclosure of sensitive personal information.
• Right to be free from discrimination for exercising any of these rights.

We do not sell personal information and we do not share personal information for cross-context behavioral advertising. The categories of personal information we collect, our purposes, and the categories of third parties we disclose to are described in Sections 3, 4, 6, and 8.

You may exercise these rights by contacting us using the information in Section 19. An authorized agent may submit requests on your behalf with verifiable authorization.

• Contract (Article 6(1)(b)) to provide the Service.
• Legitimate interests (Article 6(1)(f)) for security, fraud prevention, moderation, and improving the Service.
• Consent (Article 6(1)(a)) where required, such as for optional features.
• Legal obligation (Article 6(1)(c)) where required.

Subject to applicable law, you have rights to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw consent at any time without affecting the lawfulness of prior processing. You also have the right to lodge a complaint with your local supervisory authority.

Our service providers are located in the United States. International transfers are covered by appropriate safeguards, including standard contractual clauses where required.